The Challenges of Data Governance in Healthcare

Aug 17, 2022 | Healthcare, Master Data Management

Conceptual representation of data governance in healthcare.

Organizations throughout the industry – including healthcare payers, third-party administrators, and pharmaceutical companies – face rising challenges and uncertainties around data governance in healthcare in 2022. Following unprecedented organizational stress and healthcare worker attrition during the Covid-19 pandemic, IT departments across the industry are also confronting crippling shortages of staff and critical skills. Meanwhile, cyberattacks on healthcare organizations have reached all-time highs, and changes to data privacy regulations loom on the horizon.

Last year, the number of people affected by healthcare data breaches grew from 34 million in 2020 to 45 million in 2021. Overall, the number of cybercrime victims in healthcare has doubled since 2018. Healthcare data has always been an enticing target for cybercriminals, but during the hard shift to remote work and cloud data storage over the last two years, vulnerable remote access points have grown exponentially, precipitating stark increases in attempted breaches.

In addition to managing external security threats, organizations also need to keep their ears to the ground for pending activity by the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) on proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) and new legal definitions of information security requirements for the healthcare industry.

For organizations in this high-stakes context of uncertainty, understanding the criticality of data governance has become a top priority. In this guide, you’ll learn about some of the major challenges facing data governance in healthcare today.

Key Takeaways:
  • Increased system vulnerabilities combined with uncertain imminent changes in applicable privacy laws have made data governance critically important to healthcare organizations.
  • Data governance is a subset of data management that defines roles and practices concerning data availability and control in an organization.
  • To manage increased data responsibilities and liabilities, organizations should attempt to gain a better understanding of coming data governance challenges. 


What is Data Governance in Healthcare?

Data governance refers to establishing rules and roles within a corporate or public organization to manage the availability, accessibility, integrity, and security of data for that organization. Data governance typically defines internal data standards and data use and access policies. Organizations practice data governance to ensure that their data is consistent, accessible, and not vulnerable to improper access. Data governance has become an indispensable part of data management as organizations strive to maintain compliance with changing regulatory privacy controls while leveraging data to extract predictive analytics for more data-driven decision-making processes.

Data governance programs typically consist of three tiers of roles:

  • A governance team
  • A steering committee that acts as a governing body
  • Data stewards who ensure data quality and implement governance policies

The individuals who fill these roles collaborate to create and enforce governance standards and policies. 

Data Governance in Healthcare


Why organizations need data governance.

Many kinds of healthcare organizations – from care providers such as hospitals and clinics to research and third-party affiliates – capture and store data relevant to data governance policies. The importance and value of data governance within organizations derive from three factors.

1. Reduced Costs Resulting from Bad Data 

Unintegrated healthcare data scattered across multiple partitioned systems invariably contains duplicate, incomplete, or otherwise faulty records. Across healthcare organizations, these kinds of bad data account for roughly 10% of the whole. In the private sector at large, bad data costs US organizations $3.1 trillion annually. 

2. Improved Decision-Making Capabilities through Predictive Analytics

Organizations that invest in good data governance practices and data integrity consistently outperform their peers at the bottom line. Data governance reliably delivers an 8% increase in total revenue, a 10% reduction in overhead, and a 69% improved chance of strategy effectiveness. 

3. Ensured Compliance with Data Privacy Laws

As stewards of data legally protected by privacy regulations such as HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act, healthcare organizations have unique obligations to securely store personal health information (PHI) and control who accesses and shares it. Because of the increased liability associated with compliance, maintaining data privacy controls carries greater importance in healthcare than in other industries.

Healthcare Data Governance Challenges

Here are three emerging data governance challenges organizations should familiarize themselves with.

1. Implementing Access Controls

The increased adoption of remote healthcare services and Internet of Things (IoT) technologies in medical monitoring devices has expanded the attack surface for cybercriminals seeking entry points. For healthcare IT professionals, applying the principle of least privilege is the appropriate best practice when managing a surfeit of potential access points. 

This principle dictates that every user and system should only have access to the minimum data necessary to perform their roles and functions. As user roles are often temporary and cloud-based storage systems may be ephemeral – being wiped and reconstructed on the order of days to months – network administrators need to monitor and adjust system permissions continuously. 
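One way to run the continuous permission review described above, shown as an added example that is not from the original article. The role names, data scopes, grant record fields, sample grants and the 30-day idle threshold are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical mapping of each role to the minimum data scopes it needs.
ROLE_SCOPES = {
    "billing_clerk": {"claims", "demographics"},
    "nurse": {"demographics", "clinical_notes", "medications"},
    "etl_service": {"claims"},
}

def audit_grants(grants, now, max_idle=timedelta(days=30)):
    """Return (principal, scope, reason) for every grant that should be revoked.

    A grant is flagged when its scope is not needed by the principal's role,
    when a temporary grant has passed its expiry, or when it has sat unused
    longer than max_idle (typical of a system that was wiped and rebuilt).
    """
    findings = []
    for g in grants:
        allowed = ROLE_SCOPES.get(g["role"], set())  # unknown role: nothing allowed
        if g["scope"] not in allowed:
            reason = "outside_role"
        elif g["expires"] is not None and g["expires"] <= now:
            reason = "expired"
        elif now - g["last_used"] > max_idle:
            reason = "unused"
        else:
            continue
        findings.append((g["principal"], g["scope"], reason))
    return findings

# Constructed sample data: users and systems, permanent and temporary grants.
NOW = datetime(2022, 8, 17, tzinfo=timezone.utc)
D = timedelta(days=1)
SAMPLE_GRANTS = [
    {"principal": "alice", "role": "billing_clerk", "scope": "claims",
     "expires": None, "last_used": NOW - 2 * D},
    {"principal": "alice", "role": "billing_clerk", "scope": "clinical_notes",
     "expires": None, "last_used": NOW - 1 * D},
    {"principal": "temp-nurse-04", "role": "nurse", "scope": "medications",
     "expires": NOW - 5 * D, "last_used": NOW - 6 * D},
    {"principal": "svc-etl-old", "role": "etl_service", "scope": "claims",
     "expires": None, "last_used": NOW - 90 * D},
    {"principal": "bob", "role": "nurse", "scope": "demographics",
     "expires": NOW + 10 * D, "last_used": NOW - 3 * D},
]

if __name__ == "__main__":
    for principal, scope, reason in audit_grants(SAMPLE_GRANTS, NOW):
        print(f"revoke {scope} from {principal}: {reason}")
```

Run on a schedule against the real grant inventory, a review like this turns least privilege from a one-time setup into the ongoing adjustment the paragraph calls for.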

2. Ensuring Data Availability

Access controls are one side of the coin in maintaining data security. Wherever human users require access to sensitive data, vulnerabilities multiply. Across the board, human activity accounts for 88% of all data breaches. 

Regulations require that healthcare organizations give patients access to their medical records, but in many cases, this also limits an organization’s ability to secure data, as users may be largely unaware of common risks such as email phishing scams. Mitigating this risk involves advanced network monitoring of web analytics to identify anomalous user behavior and temporarily restrict account access when further credentials need to be confirmed.

3. Instilling Best Practices in Your Employees

Social engineering attack lifecycle.

In cybersecurity, a social engineering attack involves using human interaction to compromise a system or sensitive information. Attackers may attempt to represent themselves to credentialed employees as new employees, repair personnel, or even law enforcement to gain their trust and convince them to disclose protected information. In healthcare, social engineering attacks can be more difficult to prevent, as concerned friends and family members seeking patient information are a normal part of day-to-day operations. The best defense organizations have against such methods is thorough and regularly reiterated training per the Cybersecurity and Infrastructure Security Agency’s (CISA) guidelines.

Master Data Management with Coperor by Gaine

Coperor’s healthcare-specific master data management platform creates real-time comprehensive data visibility across the entirety of your information ecosystem, including your contracted partners. Both deployable out-of-the-box and highly customizable for more targeted needs, Coperor can jumpstart your organization on the road to sound data governance.

To learn more and schedule a demo, contact Gaine today.

